Re: [PATCH net-next] x86: bpf_jit_comp: secure bpf jit against sprayingattacks
From: Daniel Borkmann
Date: Sun May 19 2013 - 13:03:31 EST
On 05/18/2013 04:37 AM, Eric Dumazet wrote:
From: Eric Dumazet <edumazet@xxxxxxxxxx>
hpa bringed into my attention some security related issues
with BPF JIT on x86.
This patch makes sure the bpf generated code is marked read only,
as other kernel text sections.
It also splits the unused space (we vmalloc() and only use a fraction of
the page) in two parts, so that the generated bpf code not starts at a
known offset in the page, but a pseudo random one.
Refs:
http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html
Reported-by: H. Peter Anvin <hpa@xxxxxxxxx>
Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Great work !
Probably other archs could later on follow-up with setting to read-only, too.
Reviewed-by: Daniel Borkmann <dborkman@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/